Cheatsheet
Docker Scout
Docker Scout brings together all the information you need when working on securing your container development, including a layer-by-layer view of dependencies, their known vulnerabilities, and recommended remediation paths.
Docker Scout is designed with developers in mind and is fully integrated into the Docker ecosystem. With Docker Scout, you can spend less time searching for and fixing vulnerabilities and more time developing your code.
The docker scout CLI plugin provides a terminal interface for Docker Scout. It is available by default in Docker Desktop starting with version 4.17.0. If you prefer alternative installation methods or require a specific version of the Docker Scout CLI plugin, check out Docker Scout on GitHub.
Observability and Analysis
- Gain insights into software composition
- Compare images and identify vulnerabilities
- Analyze container image for vulnerabilities
- Customize output formats and filters
| Command | Description |
|---|---|
| docker scout | Command-line tool for Docker Scout |
| docker scout quickview | Quick overview of an image |
| docker scout compare | Compare two images and display differences |
| | Compare an image to the latest tag |
| | Compare an image to the latest one pushed |
| | Compare an image to an environment |
| | Ignore base images |
| | Generate a markdown output |
| | Only compare maven packages and only display critical vulnerabilities for maven packages |
| docker scout environment | Lists the environments and records images to them |
| docker scout config environment | Print configuration values of the organization |
Vulnerability Management
- Identify and track CVEs in software artifacts
- Analyze vulnerabilities by package
- Retrieve Docker Scout version Information
- Import and export vulnerability data
Remediation & Recommendation
- Explore base image updates and recommendations
- Streamline image update processes
- Optimize image refresh strategies
- Fine-tune recommendations with filters
| Command | Description |
|---|---|
| docker scout recommendations | Display available base image updates and remediation recommendations |
| | Display base image update recommendations |
| | Display base image refresh-only recommendations |
| | Display base image update-only recommendations |
Policy Evaluation
- Ensure that artifacts align with established supply chain best practices
- Visualize how small, incremental changes affect policy status
- Provides out-of-the-box policies
- Define supply chain rules for your artifacts
- Track how your artifacts perform relative to rules and thresholds over time
| Command | Description |
|---|---|
| docker scout policy <image_name> | Evaluate policies against an image |
| | Evaluate policies against an image with a specific platform |
| | Compare policy results for a repository in a specific environment |